<div class="gmail_quote">On Sun, Jun 13, 2010 at 3:06 PM, sean darcy <span dir="ltr"><<a href="mailto:seandarcy2@gmail.com">seandarcy2@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div><div></div>But I'm struck with your notion of having sip user ids different from<br></div>
extensions. That would not require any user effort, or messing with each<br>
phone. But...<br clear="all"></blockquote></div><br>It'd be just as much effort as changing the passwords for each phone. You'll have to modify the SIP USERNAME setting on each phone you want to change the username for, the same as modifying the SIP PASSWORD setting for each phone.<br>
<br>I'd recommend changing all of the passwords, modifying them on the phones themselves, and then setting up a fail2ban solution that will ban anyone who has more than 5 failed password attempts in less than a few minutes. You can even leave iptables setup to allow all, and just block the IPs that fail2ban triggers on.<br>
<br>In your situation, using a password like 0000, you may not end up with 5 failed password attempts, as that's usually one of the first things the scripts out there will try, so fail2ban will only help you if you up your password security.<br>
<br>I've had trouble getting the permit/deny trick to work as an IP filter in the past, so instead I went with an iptables / fail2ban solution, along with difficult to guess passwords.<br><br>-- <br>Thanks,<br>--Warren Selby<br>
<a href="http://www.selbytech.com">http://www.selbytech.com</a><br>
<div style="visibility: hidden; display: inline;" id="avg_ls_inline_popup"></div><style type="text/css">#avg_ls_inline_popup { position:absolute; z-index:9999; padding: 0px 0px; margin-left: 0px; margin-top: 0px; width: 240px; overflow: hidden; word-wrap: break-word; color: black; font-size: 10px; text-align: left; line-height: 13px;}</style>